Deployment Requirements for a vSphere Client Remote Plug-in

To prepare a remote plug-in for deployment, you must prepare at least one file and launch one or more processes. The simplest plug-in can be implemented with a single back-end server and a plug-in manifest file that describes the extension views and other details about the plug-in.
Deployment of a remote plug-in takes place at run time, but you must make preparations in advance. You need to do the following to prepare for plug-in deployment:
  • Run a web server that provides plug-in components on demand.
  • Run your plug-in server binary. The plug-in server runs on a virtual or physical machine of your choice, but it must be the same machine as the web server.
  • Prepare a plug-in manifest file,
    plugin.json
    , that specifies the plug-in components. See also . The manifest file must be accessible by HTTPS, on the same machine as the web server.
  • Register your plug-in with a vCenter Server instance. You can register either by using the registration script in the SDK or by writing your own registration tool. In either case, you need the URL and credentials to access the vCenter Server instance. You also need the security certificate or thumbprint of your plug-in manifest server, and the URL of your plug-in manifest file. The connection should be secure HTTP (HTTPS).
For production installations, a best practice is to create a registration tool that does not expose vCenter Server credentials on the command line.
When registering the plug-in, it's highly recommended to provide the SSL certificate of the plug-in server in addition to the thumbprint of the SSL certificate of the plug-in server. Performing a full SSL certificate check during SSL handshake is more secure than performing an SSL certificate thumbprint check. Furthermore, in future vSphere releases, support for SSL certificate thumbprints will be dropped and full SSL certificates will be required.
To register a plug-in by using the script in the SDK, you use the
registerPlugin
function of the
extension-registration
script. The script arguments are demonstrated in the following example.
./extension-registration.sh -action registerPlugin -remote \ -url https://myvcenter/sdk \ -username administrator@vsphere.local -password mysecret \ -key com.mycompany.myplugin -version 1.0.0 \ -pluginUrl https://mydevbox:8443/myplugin/plugin.json \ -serverThumbprint 19:FD:2B:0E:62:5E:0E:10:FF:24:34:7A:81:F1:D5:33:\ 19:A7:22:A0:DA:33:27:07:90:0F:8E:8D:72:F1:BD:F1 \ -serverCertificateFile /tmp/plugin-server.cer \ -vCenterServerThumbprint 2A:0E:3C:1F:73:6F:1F:21:00:35:45:8B:92:02:E6:44:\ 2A:B8:33:B1:EB:44:38:18:A1:10:9F:9E:83:02:CE:02 \ -c 'Example, Inc.' -n 'Remote Plug-in' -s 'This is a remote plug-in'
To register a plug-in by means of your own tool, you must create an
Extension
type record in the
ExtensionManager
managed object. The
Extension
record must describe the plug-in manifest server in two places:
client[0]
and
server[0]
. These two array entries are similar in several properties, but have important differences:
  • The
    client
    array, which has type
    ExtensionClientInfo[]
    , contains the plug-in version in the first element. This is required so that the vSphere Client can manage plug-ins correctly.
  • The
    client
    array must have a
    type
    property with a value of
    vsphere-client-remote
    in the first element.
  • The
    server
    array, which has type
    ExtensionServerInfo[]
    , must have a
    type
    property with any value you choose in the first element. A best practice is to assign the value
    MANIFEST_SERVER
    to the first element of the array, to identify the manifest server for the plug-in.
  • To support HTTPS connections, the
    server
    array must have either
    serverThumbprint
    or
    serverCertificateFile
    or both in the first element. Property
    serverThumbprint
    takes the value of the SHA-256 hash of the server certificate, while
    serverCertificateFile
    takes the value of the PEM-encoded server certificate (string).
    HTTP connections are not recommended for production use with the vSphere Client.
Both the
client
array and the
server
array must have the same value in the
url
property of the first array element. The value must be the URL of the plug-in manifest server.
For information about the plug-in manifest, see Sample Manifest File for a Remote Plug-in. For information about auxiliary plug-in processes, see Using Auxiliary Plug-in Servers. For information about the plug-in registration script, see vSphere Client Plug-in Registration Tool.